[CentOS] nmcli: unwanted secondary ip-address

Tue Sep 22 13:15:28 UTC 2020
Felix Kölzow <felix.koelzow at gmx.de>

Dear Simon,

every second IP-address is unwanted. We restarted  eno4:

nmcli con down eno4; nmcli con up eno4

and the second address vanishes. Then after a few ours, the second ip 
address reappears.


This is the config-file of eno2:

# cat ifcfg-eno2
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=none
DEFROUTE=yes
IPV4_FAILURE_FATAL=yes
IPV6INIT=no
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=eno2
UUID=cb6fcb54-be52-4ab6-8324-88091a0ea1a0
DEVICE=eno2
ONBOOT=yes
IPV6_PRIVACY=no
IPADDR=10.10.100.205
PREFIX=24
GATEWAY=10.10.100.254
DNS1=10.10.100.1
DNS2=10.10.100.2
DOMAIN=ourDomain

I am not aware of this setting:

scope global secondary dynamic


So maybe you are able to find it in the nmcli output:

# nmcli con edit eno2

===| nmcli interactive connection editor |===

Editing existing '802-3-ethernet' connection: 'eno2'


nmcli> p
===============================================================================
                        Connection profile details (eno2)
===============================================================================
connection.id:                          eno2
connection.uuid: cb6fcb54-be52-4ab6-8324-88091a0ea1a0
connection.stable-id:                   --
connection.type:                        802-3-ethernet
connection.interface-name:              eno2
connection.autoconnect:                 yes
connection.autoconnect-priority:        0
connection.autoconnect-retries:         -1 (default)
connection.multi-connect:               0 (default)
connection.auth-retries:                -1
connection.timestamp:                   1600780222
connection.read-only:                   no
connection.permissions:                 --
connection.zone:                        --
connection.master:                      --
connection.slave-type:                  --
connection.autoconnect-slaves:          -1 (default)
connection.secondaries:                 --
connection.gateway-ping-timeout:        0
connection.metered:                     unknown
connection.lldp:                        default
connection.mdns:                        -1 (default)
connection.llmnr:                       -1 (default)
connection.wait-device-timeout:         -1
-------------------------------------------------------------------------------
802-3-ethernet.port:                    --
802-3-ethernet.speed:                   0
802-3-ethernet.duplex:                  --
802-3-ethernet.auto-negotiate:          no
802-3-ethernet.mac-address:             --
802-3-ethernet.cloned-mac-address:      --
802-3-ethernet.generate-mac-address-mask:--
802-3-ethernet.mac-address-blacklist:   --
802-3-ethernet.mtu:                     auto
802-3-ethernet.s390-subchannels:        --
802-3-ethernet.s390-nettype:            --
802-3-ethernet.s390-options:            --
802-3-ethernet.wake-on-lan:             default
802-3-ethernet.wake-on-lan-password:    --
-------------------------------------------------------------------------------
ipv4.method:                            manual
ipv4.dns: 10.10.100.1,10.10.100.2
ipv4.dns-search:                        ourDomain
ipv4.dns-options:                       --
ipv4.dns-priority:                      0
ipv4.addresses:                         10.10.100.205/24
ipv4.gateway:                           10.10.100.254
ipv4.routes:                            --
ipv4.route-metric:                      -1
ipv4.route-table:                       0 (unspec)
ipv4.routing-rules:                     --
ipv4.ignore-auto-routes:                no
ipv4.ignore-auto-dns:                   no
ipv4.dhcp-client-id:                    --
ipv4.dhcp-iaid:                         --
ipv4.dhcp-timeout:                      0 (default)
ipv4.dhcp-send-hostname:                yes
ipv4.dhcp-hostname:                     --
ipv4.dhcp-fqdn:                         --
ipv4.dhcp-hostname-flags:               0x0 (none)
ipv4.never-default:                     no
ipv4.may-fail:                          no
ipv4.dad-timeout:                       -1 (default)
-------------------------------------------------------------------------------
ipv6.method:                            ignore
ipv6.dns:                               --
ipv6.dns-search:                        --
ipv6.dns-options:                       --
ipv6.dns-priority:                      0
ipv6.addresses:                         --
ipv6.gateway:                           --
ipv6.routes:                            --
ipv6.route-metric:                      -1
ipv6.route-table:                       0 (unspec)
ipv6.routing-rules:                     --
ipv6.ignore-auto-routes:                no
ipv6.ignore-auto-dns:                   no
ipv6.never-default:                     no
ipv6.may-fail:                          yes
ipv6.ip6-privacy:                       0 (disabled)
ipv6.addr-gen-mode:                     stable-privacy
ipv6.ra-timeout:                        0 (default)
ipv6.dhcp-duid:                         --
ipv6.dhcp-iaid:                         --
ipv6.dhcp-timeout:                      0 (default)
ipv6.dhcp-send-hostname:                yes
ipv6.dhcp-hostname:                     --
ipv6.dhcp-hostname-flags:               0x0 (none)
ipv6.token:                             --
-------------------------------------------------------------------------------
proxy.method:                           none
proxy.browser-only:                     no
proxy.pac-url:                          --
proxy.pac-script:                       --
-------------------------------------------------------------------------------
nmcli>


Felix

On 22/09/2020 14:35, Simon Matter wrote:
>> Dear Simon,
>>
>>
>>> And can you diff the config of eno1 and eno4.
>> # pwd
>> /etc/sysconfig/network-scripts
> Okay, nothing to find here.
>
> What about eno2, you also have two IP addresses there and even in the same
> subnet, is this wanted or not? Can the second address of eno2 be found in
> the ifcfg file?
>
> Both eno2 and eno4 have "scope global secondary dynamic" with the second
> address and it doesn't seem to come from the base configuration.
>
> Simon
>
>> # diff -u ifcfg-eno1 ifcfg-eno4
>> --- ifcfg-eno1    2020-09-21 17:23:25.576672703 +0200
>> +++ ifcfg-eno4    2020-09-22 07:18:43.160532532 +0200
>> @@ -3,15 +3,20 @@
>>    BROWSER_ONLY=no
>>    BOOTPROTO=none
>>    DEFROUTE=no
>> -IPV4_FAILURE_FATAL=yes
>> -IPV6INIT=no
>> -IPV6_AUTOCONF=no
>> +IPV4_FAILURE_FATAL=no
>> +IPV6INIT=yes
>> +IPV6_AUTOCONF=yes
>>    IPV6_DEFROUTE=no
>>    IPV6_FAILURE_FATAL=no
>>    IPV6_ADDR_GEN_MODE=stable-privacy
>> -NAME=eno1
>> -UUID=1e382037-fec9-493d-a4f2-ace7d73a1e7b
>> -DEVICE=eno1
>> +NAME=eno4
>> +UUID=dbd95c24-1ed7-4292-8dba-3934bd1476a0
>> +DEVICE=eno4
>>    ONBOOT=yes
>> -IPADDR=192.168.1.90
>> +IPADDR=192.168.2.98
>>    PREFIX=24
>> +DNS1=10.10.100.1
>> +DNS2=10.10.100.2
>> +#DNS3=8.8.8.8
>> +PEERDNS=no
>> +PEERROUTES=no
>>
>>> Can you show  the config of eno4?
>> # cat  ifcfg-eno4
>> TYPE=Ethernet
>> PROXY_METHOD=none
>> BROWSER_ONLY=no
>> BOOTPROTO=none
>> DEFROUTE=no
>> IPV4_FAILURE_FATAL=no
>> IPV6INIT=yes
>> IPV6_AUTOCONF=yes
>> IPV6_DEFROUTE=no
>> IPV6_FAILURE_FATAL=no
>> IPV6_ADDR_GEN_MODE=stable-privacy
>> NAME=eno4
>> UUID=dbd95c24-1ed7-4292-8dba-3934bd1476a0
>> DEVICE=eno4
>> ONBOOT=yes
>> IPADDR=192.168.2.98
>> PREFIX=24
>> DNS1=10.10.100.1
>> DNS2=10.10.100.2
>> #DNS3=8.8.8.8
>> PEERDNS=no
>> PEERROUTES=no
>>
>> Regards,
>>
>> Felix
>>
>> _______________________________________________
>> CentOS mailing list
>> CentOS at centos.org
>> https://lists.centos.org/mailman/listinfo/centos
>>
>
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> https://lists.centos.org/mailman/listinfo/centos